The TLS_RSA_ cipher suites require that the premaster secret
is encrypted with the RSA key in the server's certificate.
But an rsa_pss_pss_256 certificate (have not seen that notation
before) is probably a signing-only certificate, that says not
to encrypt anything with its RSA key.

Why does rsa_pss_rsae_256 + TLS_RSA_* work?

It sounds like rsa_pss_pss_256 and rsa_pss_rsae_256 are the same signature scheme.

Because a certificate that is usable for rsa_pss_rsae_sha256 signatures has an
rsaEncryption Subject Public Key Info, that means it is generally usable both
for encrypting the premaster key (TLS_RSA_* ciphers) and making signatures of
its own (TLS_ECDHE_RSA_* ciphers), unless the KeyUsage X509v3 extension
says otherwise...
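
The distinction discussed in this thread, as an added example that is not part of the original messages: it reads the algorithm OID from a DER SubjectPublicKeyInfo and applies the rule that an rsaEncryption key can serve TLS_RSA_* key transport and rsa_pss_rsae_* signatures, while an id-RSASSA-PSS key can serve only rsa_pss_pss_* signatures (scheme definitions per RFC 8446), subject to KeyUsage. The function names and the two sample SPKI blobs are assumptions constructed for the illustration.

```python
# Added illustration; the SPKI blobs at the bottom are constructed (dummy key bytes).
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption
RSASSA_PSS = "1.2.840.113549.1.1.10"      # id-RSASSA-PSS

def _tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def spki_algorithm_oid(spki):
    """Dotted algorithm OID of a DER SubjectPublicKeyInfo."""
    tag, body = _tlv(spki)                # SubjectPublicKeyInfo SEQUENCE
    tag2, alg = _tlv(body)                # AlgorithmIdentifier SEQUENCE
    tag3, oid = _tlv(alg)                 # OBJECT IDENTIFIER
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06) or not oid:
        raise ValueError("not a SubjectPublicKeyInfo")
    arcs, val = [oid[0] // 40, oid[0] % 40], 0
    for b in oid[1:]:                     # base-128 arcs
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def tls_uses(spki, key_usage=None):
    """key_usage: set of KeyUsage names, or None if the extension is absent."""
    oid = spki_algorithm_oid(spki)
    def allows(bit): return key_usage is None or bit in key_usage
    uses = set()
    if oid == RSA_ENCRYPTION:
        if allows("keyEncipherment"):
            uses.add("TLS_RSA_* key transport")
        if allows("digitalSignature"):
            uses.add("rsa_pss_rsae_* signatures")
    elif oid == RSASSA_PSS and allows("digitalSignature"):
        uses.add("rsa_pss_pss_* signatures")
    return uses

def _spki(oid_der, params=b"\x05\x00"):   # build a constructed sample SPKI
    alg = b"\x30" + bytes([len(oid_der) + len(params)]) + oid_der + params
    key = b"\x03\x05\x00" + b"\x00" * 4   # dummy BIT STRING, not a real key
    return b"\x30" + bytes([len(alg) + len(key)]) + alg + key

RSAE_SPKI = _spki(bytes.fromhex("06092a864886f70d010101"))
PSS_SPKI = _spki(bytes.fromhex("06092a864886f70d01010a"), params=b"")
```

To run it against a real certificate, pass the DER-encoded SubjectPublicKeyInfo extracted from that certificate and the names listed in its KeyUsage extension.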